Powershell command to list disabled AD Users:
Search-ADAccount –AccountDisabled -UsersOnly
Search-ADAccount cmdlet lists both users and computers, we need to pass the parameter -UsersOnly to list only users.
Summary
- Find and List All Disabled AD Users
- Find Disabled AD Users from specific OU
- Export Disabled AD Users to CSV file
- Enable All Disabled AD Users
Find and List All Disabled AD Users
The following command find all the disabled AD users by passing the parameter AccountDisabled into Powershell cmdlet Search-ADAccount and list the selected properties of all disabled Active Directory users.
Import-Module ActiveDirectory Search-ADAccount –AccountDisabled -UsersOnly | Select -Property Name,DistinguishedName
Find Disabled AD Users from specific OU using Powershell
We can set target OU scope by using the parameter SearchBase in Search-ADAccount cmdlet. This following command select and list all the disabled AD users from the Organization Unit ‘TestOU‘.
Import-Module ActiveDirectory Search-ADAccount -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –AccountDisabled -UsersOnly | Select -Property Name,DistinguishedName
Export Disabled AD Users to CSV using Powershell
We can export powershell output into CSV file using Export-CSV cmdlet. The following command export selected properties of all disabled Active Directory users to CSV file.
Import-Module ActiveDirectory Search-ADAccount –AccountDisabled -UsersOnly | Select -Property Name,DistinguishedName | Export-CSV "C:\DisabledADUsers.csv" -NoTypeInformation -Encoding UTF8
CSV Output of Disabled AD User Accounts:
Enable All Disabled AD Users using Powershell
You can enabled the disbaled Active Directory user account by using Powershell cmdlet Enable-ADAccount. The following command find all the disabled AD user accounts using Search-ADAccount cmdlet with AccountDisabled parameter and enable all the disabled user accounts by using Enable-ADAccount cmdlet.
Import-Module ActiveDirectory Search-ADAccount –AccountDisabled -UsersOnly | Enable-ADAccount
Use the below command, if you want to enable users only from specific OU.
Import-Module ActiveDirectory Search-ADAccount -SearchBase "OU=TestOU,DC=TestDomain,DC=Local" –AccountDisabled -UsersOnly | Enable-ADAccount